Bug 1492498 - Make certificate exceptions on the new cert error pages permanent by default. r=nhnt11,keeler
authorJohann Hofmann <jhofmann@mozilla.com>
Wed, 23 Jan 2019 16:59:12 +0000
changeset 515140 6aefbed9ce430f1da6b59a4ff98fb69375fa4f8f
parent 515139 647e4cfc0eb44fb8abe57a2a4fa36c91edf3030a
child 515141 2a22490b8a06c9a5eef192ef3192386f8e7ff74f
push id1953
push userffxbld-merge
push dateMon, 11 Mar 2019 12:10:20 +0000
treeherdermozilla-release@9c35dcbaa899 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnhnt11, keeler
bugs1492498
milestone66.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1492498 - Make certificate exceptions on the new cert error pages permanent by default. r=nhnt11,keeler This includes a new test for the feature and a bit of test cleanup to factor out all exception related tests into their own test file. Differential Revision: https://phabricator.services.mozilla.com/D17109
browser/app/profile/firefox.js
browser/base/content/browser.js
browser/base/content/test/about/browser.ini
browser/base/content/test/about/browser_aboutCertError.js
browser/base/content/test/about/browser_aboutCertError_exception.js
browser/base/content/test/about/head.js
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -964,16 +964,17 @@ pref("security.alternate_certificate_err
 pref("browser.security.newcerterrorpage.enabled", true);
 pref("browser.security.newcerterrorpage.mitm.enabled", true);
 #else
 pref("browser.security.newcerterrorpage.enabled", false);
 pref("browser.security.newcerterrorpage.mitm.enabled", false);
 #endif
 
 pref("security.certerrors.recordEventTelemetry", true);
+pref("security.certerrors.permanentOverride", true);
 
 // Whether to start the private browsing mode at application startup
 pref("browser.privatebrowsing.autostart", false);
 
 // Whether to show the new private browsing UI with in-content search box.
 pref("browser.privatebrowsing.searchUI", true);
 
 // Whether the bookmark panel should be shown when bookmarking a page.
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -2953,22 +2953,24 @@ var BrowserOnClick = {
           }
           if (securityInfo.isDomainMismatch) {
             flags |= overrideService.ERROR_MISMATCH;
           }
           if (securityInfo.isNotValidAtThisTime) {
             flags |= overrideService.ERROR_TIME;
           }
           let uri = Services.uriFixup.createFixupURI(location, 0);
+          let permanentOverride =
+            Services.prefs.getBoolPref("security.certerrors.permanentOverride");
           cert = securityInfo.serverCert;
           overrideService.rememberValidityOverride(
             uri.asciiHost, uri.port,
             cert,
             flags,
-            true);
+            !permanentOverride);
           browser.reload();
           return;
         }
 
         try {
           switch (Services.prefs.getIntPref("browser.ssl_override_behavior")) {
             case 2 : // Pre-fetch & pre-populate
               params.prefetchCert = true;
--- a/browser/base/content/test/about/browser.ini
+++ b/browser/base/content/test/about/browser.ini
@@ -6,16 +6,17 @@ support-files =
   searchSuggestionEngine.xml
   POSTSearchEngine.xml
   dummy_page.html
 prefs =
   browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar=false
 
 [browser_aboutCertError.js]
 [browser_aboutCertError_clockSkew.js]
+[browser_aboutCertError_exception.js]
 [browser_aboutCertError_telemetry.js]
 [browser_aboutHome_search_POST.js]
 [browser_aboutHome_search_composing.js]
 [browser_aboutHome_search_searchbar.js]
 [browser_aboutHome_search_suggestion.js]
 skip-if = os == "mac" || (os == "linux" && (!debug || bits == 64)) || (os == 'win' && os_version == '10.0' && bits == 64 && !debug) # Bug 1399648, bug 1402502
 [browser_aboutHome_search_telemetry.js]
 [browser_aboutNetError.js]
--- a/browser/base/content/test/about/browser_aboutCertError.js
+++ b/browser/base/content/test/about/browser_aboutCertError.js
@@ -47,44 +47,16 @@ add_task(async function checkReturnToAbo
     is(browser.webNavigation.canGoBack, true, "webNavigation.canGoBack");
     is(browser.webNavigation.canGoForward, false, "!webNavigation.canGoForward");
     is(gBrowser.currentURI.spec, "about:home", "Went back");
 
     BrowserTestUtils.removeTab(gBrowser.selectedTab);
   }
 });
 
-add_task(async function checkExceptionDialogButton() {
-  Services.prefs.setBoolPref(PREF_NEW_CERT_ERRORS, true);
-  info("Loading a bad cert page and making sure the exceptionDialogButton directly adds an exception");
-  let tab = await openErrorPage(BAD_CERT);
-  let browser = tab.linkedBrowser;
-  let loaded = BrowserTestUtils.browserLoaded(browser, false, BAD_CERT);
-  info("Clicking the exceptionDialogButton in advanced panel");
-  await ContentTask.spawn(browser, null, async function() {
-    let doc = content.document;
-    let exceptionButton = doc.getElementById("exceptionDialogButton");
-    exceptionButton.click();
-  });
-
-  info("Loading the url after adding exception");
-  await loaded;
-
-  await ContentTask.spawn(browser, null, async function() {
-    let doc = content.document;
-    ok(!doc.documentURI.startsWith("about:certerror"), "Exception has been added");
-  });
-
-  let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
-                              .getService(Ci.nsICertOverrideService);
-  certOverrideService.clearValidityOverride("expired.example.com", -1);
-  BrowserTestUtils.removeTab(gBrowser.selectedTab);
-  Services.prefs.clearUserPref(PREF_NEW_CERT_ERRORS);
-});
-
 add_task(async function checkReturnToPreviousPage() {
   info("Loading a bad cert page and making sure 'return to previous page' goes back");
   for (let useFrame of [false, true]) {
     let tab;
     let browser;
     if (useFrame) {
       tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, GOOD_PAGE);
       browser = tab.linkedBrowser;
@@ -123,53 +95,16 @@ add_task(async function checkReturnToPre
     is(browser.webNavigation.canGoBack, false, "!webNavigation.canGoBack");
     is(browser.webNavigation.canGoForward, true, "webNavigation.canGoForward");
     is(gBrowser.currentURI.spec, GOOD_PAGE, "Went back");
 
     BrowserTestUtils.removeTab(gBrowser.selectedTab);
   }
 });
 
-add_task(async function checkBadStsCert() {
-  info("Loading a badStsCert and making sure exception button doesn't show up");
-
-  for (let useFrame of [false, true]) {
-    let tab = await openErrorPage(BAD_STS_CERT, useFrame);
-    let browser = tab.linkedBrowser;
-
-    await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
-      let exceptionButton = doc.getElementById("exceptionDialogButton");
-      ok(ContentTaskUtils.is_hidden(exceptionButton), "Exception button is hidden.");
-    });
-
-    let message = await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
-      let advancedButton = doc.getElementById("advancedButton");
-      advancedButton.click();
-      return doc.getElementById("badCertTechnicalInfo").textContent;
-    });
-    if (Services.prefs.getBoolPref(PREF_NEW_CERT_ERRORS)) {
-      ok(message.includes("SSL_ERROR_BAD_CERT_DOMAIN"), "Didn't find SSL_ERROR_BAD_CERT_DOMAIN.");
-      ok(message.includes("The certificate is only valid for"), "Didn't find error message.");
-      ok(message.includes("a certificate that is not valid for"), "Didn't find error message.");
-      ok(message.includes("badchain.include-subdomains.pinning.example.com"), "Didn't find domain in error message.");
-
-      BrowserTestUtils.removeTab(gBrowser.selectedTab);
-      return;
-    }
-    ok(message.includes("SSL_ERROR_BAD_CERT_DOMAIN"), "Didn't find SSL_ERROR_BAD_CERT_DOMAIN.");
-    ok(message.includes("The certificate is only valid for"), "Didn't find error message.");
-    ok(message.includes("uses an invalid security certificate"), "Didn't find error message.");
-    ok(message.includes("badchain.include-subdomains.pinning.example.com"), "Didn't find domain in error message.");
-
-    BrowserTestUtils.removeTab(gBrowser.selectedTab);
-  }
-});
-
 // This checks that the appinfo.appBuildID starts with a date string,
 // which is required for the misconfigured system time check.
 add_task(async function checkAppBuildIDIsDate() {
   let appBuildID = Services.appinfo.appBuildID;
   let year = parseInt(appBuildID.substr(0, 4), 10);
   let month = parseInt(appBuildID.substr(4, 2), 10);
   let day = parseInt(appBuildID.substr(6, 2), 10);
 
@@ -235,51 +170,16 @@ add_task(async function checkAdvancedDet
        "Correct HPKP value found");
     let certChain = getCertChain(message.securityInfoAsString);
     ok(message.text.includes(certChain), "Found certificate chain");
 
     BrowserTestUtils.removeTab(gBrowser.selectedTab);
   }
 });
 
-add_task(async function checkhideAddExceptionButtonViaPref() {
-  info("Loading a bad cert page and verifying the pref security.certerror.hideAddException");
-  Services.prefs.setBoolPref("security.certerror.hideAddException", true);
-
-  for (let useFrame of [false, true]) {
-    let tab = await openErrorPage(BAD_CERT, useFrame);
-    let browser = tab.linkedBrowser;
-
-    await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
-
-      let exceptionButton = doc.querySelector(".exceptionDialogButtonContainer");
-      ok(ContentTaskUtils.is_hidden(exceptionButton), "Exception button is hidden.");
-    });
-
-    BrowserTestUtils.removeTab(gBrowser.selectedTab);
-  }
-
-  Services.prefs.clearUserPref("security.certerror.hideAddException");
-});
-
-add_task(async function checkhideAddExceptionButtonInFrames() {
-  info("Loading a bad cert page in a frame and verifying it's hidden.");
-  let tab = await openErrorPage(BAD_CERT, true);
-  let browser = tab.linkedBrowser;
-
-  await ContentTask.spawn(browser, null, async function() {
-    let doc = content.document.querySelector("iframe").contentDocument;
-    let exceptionButton = doc.getElementById("exceptionDialogButton");
-    ok(ContentTaskUtils.is_hidden(exceptionButton), "Exception button is hidden.");
-  });
-
-  BrowserTestUtils.removeTab(gBrowser.selectedTab);
-});
-
 add_task(async function checkAdvancedDetailsForHSTS() {
   info("Loading a bad STS cert page and verifying the advanced details section");
   for (let useFrame of [false, true]) {
     let tab = await openErrorPage(BAD_STS_CERT, useFrame);
     let browser = tab.linkedBrowser;
 
     let message = await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
       let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
@@ -407,40 +307,8 @@ add_task(async function checkViewCertifi
     is(win.document.getElementById("commonname").value, "self-signed.example.com",
       "Shows the correct certificate in the dialog");
     win.close();
 
     BrowserTestUtils.removeTab(gBrowser.selectedTab);
   }
   Services.prefs.clearUserPref(PREF_NEW_CERT_ERRORS);
 });
-
-function getCertChain(securityInfoAsString) {
-  let certChain = "";
-  const serhelper = Cc["@mozilla.org/network/serialization-helper;1"]
-                       .getService(Ci.nsISerializationHelper);
-  let securityInfo = serhelper.deserializeObject(securityInfoAsString);
-  securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
-  for (let cert of securityInfo.failedCertChain.getEnumerator()) {
-    certChain += getPEMString(cert);
-  }
-  return certChain;
-}
-
-function getDERString(cert) {
-  var length = {};
-  var derArray = cert.getRawDER(length);
-  var derString = "";
-  for (var i = 0; i < derArray.length; i++) {
-    derString += String.fromCharCode(derArray[i]);
-  }
-  return derString;
-}
-
-function getPEMString(cert) {
-  var derb64 = btoa(getDERString(cert));
-  // Wrap the Base64 string into lines of 64 characters,
-  // with CRLF line breaks (as specified in RFC 1421).
-  var wrapped = derb64.replace(/(\S{64}(?!$))/g, "$1\r\n");
-  return "-----BEGIN CERTIFICATE-----\r\n"
-         + wrapped
-         + "\r\n-----END CERTIFICATE-----\r\n";
-}
copy from browser/base/content/test/about/browser_aboutCertError.js
copy to browser/base/content/test/about/browser_aboutCertError_exception.js
--- a/browser/base/content/test/about/browser_aboutCertError.js
+++ b/browser/base/content/test/about/browser_aboutCertError_exception.js
@@ -1,61 +1,17 @@
 /* Any copyright is dedicated to the Public Domain.
  * http://creativecommons.org/publicdomain/zero/1.0/ */
 
 "use strict";
 
-// This is testing the aboutCertError page (Bug 1207107).
-
-const GOOD_PAGE = "https://example.com/";
-const GOOD_PAGE_2 = "https://example.org/";
 const BAD_CERT = "https://expired.example.com/";
-const UNKNOWN_ISSUER = "https://self-signed.example.com ";
 const BAD_STS_CERT = "https://badchain.include-subdomains.pinning.example.com:443";
-const {TabStateFlusher} = ChromeUtils.import("resource:///modules/sessionstore/TabStateFlusher.jsm", {});
 const PREF_NEW_CERT_ERRORS = "browser.security.newcerterrorpage.enabled";
-
-add_task(async function checkReturnToAboutHome() {
-  info("Loading a bad cert page directly and making sure 'return to previous page' goes to about:home");
-  for (let useFrame of [false, true]) {
-    let tab = await openErrorPage(BAD_CERT, useFrame);
-    let browser = tab.linkedBrowser;
-
-    is(browser.webNavigation.canGoBack, false, "!webNavigation.canGoBack");
-    is(browser.webNavigation.canGoForward, false, "!webNavigation.canGoForward");
-
-    // Populate the shistory entries manually, since it happens asynchronously
-    // and the following tests will be too soon otherwise.
-    await TabStateFlusher.flush(browser);
-    let {entries} = JSON.parse(SessionStore.getTabState(tab));
-    is(entries.length, 1, "there is one shistory entry");
-
-    info("Clicking the go back button on about:certerror");
-    await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
-
-      let returnButton = doc.getElementById("returnButton");
-      if (!frame) {
-        is(returnButton.getAttribute("autofocus"), "true", "returnButton has autofocus");
-      }
-      // Note that going back to about:newtab might cause a process flip, if
-      // the browser is configured to run about:newtab in its own special
-      // content process.
-      returnButton.click();
-    });
-
-    await BrowserTestUtils.waitForLocationChange(gBrowser, "about:home");
-
-    is(browser.webNavigation.canGoBack, true, "webNavigation.canGoBack");
-    is(browser.webNavigation.canGoForward, false, "!webNavigation.canGoForward");
-    is(gBrowser.currentURI.spec, "about:home", "Went back");
-
-    BrowserTestUtils.removeTab(gBrowser.selectedTab);
-  }
-});
+const PREF_PERMANENT_OVERRIDE = "security.certerrors.permanentOverride";
 
 add_task(async function checkExceptionDialogButton() {
   Services.prefs.setBoolPref(PREF_NEW_CERT_ERRORS, true);
   info("Loading a bad cert page and making sure the exceptionDialogButton directly adds an exception");
   let tab = await openErrorPage(BAD_CERT);
   let browser = tab.linkedBrowser;
   let loaded = BrowserTestUtils.browserLoaded(browser, false, BAD_CERT);
   info("Clicking the exceptionDialogButton in advanced panel");
@@ -75,62 +31,64 @@ add_task(async function checkExceptionDi
 
   let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
                               .getService(Ci.nsICertOverrideService);
   certOverrideService.clearValidityOverride("expired.example.com", -1);
   BrowserTestUtils.removeTab(gBrowser.selectedTab);
   Services.prefs.clearUserPref(PREF_NEW_CERT_ERRORS);
 });
 
-add_task(async function checkReturnToPreviousPage() {
-  info("Loading a bad cert page and making sure 'return to previous page' goes back");
-  for (let useFrame of [false, true]) {
-    let tab;
-    let browser;
-    if (useFrame) {
-      tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, GOOD_PAGE);
-      browser = tab.linkedBrowser;
+add_task(async function checkPermanentExceptionPref() {
+  Services.prefs.setBoolPref(PREF_NEW_CERT_ERRORS, true);
+  info("Loading a bad cert page and making sure the permanent state of exceptions can be controlled via pref");
 
-      BrowserTestUtils.loadURI(browser, GOOD_PAGE_2);
-      await BrowserTestUtils.browserLoaded(browser, false, GOOD_PAGE_2);
-      await injectErrorPageFrame(tab, BAD_CERT);
-    } else {
-      tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, GOOD_PAGE);
-      browser = gBrowser.selectedBrowser;
+  for (let permanentOverride of [false, true]) {
+    Services.prefs.setBoolPref(PREF_PERMANENT_OVERRIDE, permanentOverride);
 
-      info("Loading and waiting for the cert error");
-      let certErrorLoaded = BrowserTestUtils.waitForErrorPage(browser);
-      BrowserTestUtils.loadURI(browser, BAD_CERT);
-      await certErrorLoaded;
-    }
-
-    is(browser.webNavigation.canGoBack, true, "webNavigation.canGoBack");
-    is(browser.webNavigation.canGoForward, false, "!webNavigation.canGoForward");
-
-    // Populate the shistory entries manually, since it happens asynchronously
-    // and the following tests will be too soon otherwise.
-    await TabStateFlusher.flush(browser);
-    let {entries} = JSON.parse(SessionStore.getTabState(tab));
-    is(entries.length, 2, "there are two shistory entries");
-
-    info("Clicking the go back button on about:certerror");
-    await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
-      let returnButton = doc.getElementById("returnButton");
-      returnButton.click();
-
-      await ContentTaskUtils.waitForEvent(this, "pageshow", true);
+    let tab = await openErrorPage(BAD_CERT);
+    let browser = tab.linkedBrowser;
+    let loaded = BrowserTestUtils.browserLoaded(browser, false, BAD_CERT);
+    info("Clicking the exceptionDialogButton in advanced panel");
+    let securityInfoAsString = await ContentTask.spawn(browser, null, async function() {
+      let doc = content.document;
+      let exceptionButton = doc.getElementById("exceptionDialogButton");
+      exceptionButton.click();
+      let serhelper = Cc["@mozilla.org/network/serialization-helper;1"]
+                       .getService(Ci.nsISerializationHelper);
+      let serializable =  content.docShell.failedChannel.securityInfo
+                                 .QueryInterface(Ci.nsITransportSecurityInfo)
+                                 .QueryInterface(Ci.nsISerializable);
+      return serhelper.serializeToString(serializable);
     });
 
-    is(browser.webNavigation.canGoBack, false, "!webNavigation.canGoBack");
-    is(browser.webNavigation.canGoForward, true, "webNavigation.canGoForward");
-    is(gBrowser.currentURI.spec, GOOD_PAGE, "Went back");
+    info("Loading the url after adding exception");
+    await loaded;
+
+    await ContentTask.spawn(browser, null, async function() {
+      let doc = content.document;
+      ok(!doc.documentURI.startsWith("about:certerror"), "Exception has been added");
+    });
 
+    let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                                .getService(Ci.nsICertOverrideService);
+
+    let isTemporary = {};
+    let cert = getSecurityInfo(securityInfoAsString).serverCert;
+    let hasException =
+      certOverrideService.hasMatchingOverride("expired.example.com", -1, cert, {}, isTemporary);
+    ok(hasException, "Has stored an exception for the page.");
+    is(isTemporary.value, !permanentOverride,
+      `Has stored a ${permanentOverride ? "permanent" : "temporary"} exception for the page.`);
+
+    certOverrideService.clearValidityOverride("expired.example.com", -1);
     BrowserTestUtils.removeTab(gBrowser.selectedTab);
   }
+
+  Services.prefs.clearUserPref(PREF_PERMANENT_OVERRIDE);
+  Services.prefs.clearUserPref(PREF_NEW_CERT_ERRORS);
 });
 
 add_task(async function checkBadStsCert() {
   info("Loading a badStsCert and making sure exception button doesn't show up");
 
   for (let useFrame of [false, true]) {
     let tab = await openErrorPage(BAD_STS_CERT, useFrame);
     let browser = tab.linkedBrowser;
@@ -160,91 +118,16 @@ add_task(async function checkBadStsCert(
     ok(message.includes("The certificate is only valid for"), "Didn't find error message.");
     ok(message.includes("uses an invalid security certificate"), "Didn't find error message.");
     ok(message.includes("badchain.include-subdomains.pinning.example.com"), "Didn't find domain in error message.");
 
     BrowserTestUtils.removeTab(gBrowser.selectedTab);
   }
 });
 
-// This checks that the appinfo.appBuildID starts with a date string,
-// which is required for the misconfigured system time check.
-add_task(async function checkAppBuildIDIsDate() {
-  let appBuildID = Services.appinfo.appBuildID;
-  let year = parseInt(appBuildID.substr(0, 4), 10);
-  let month = parseInt(appBuildID.substr(4, 2), 10);
-  let day = parseInt(appBuildID.substr(6, 2), 10);
-
-  ok(year >= 2016 && year <= 2100, "appBuildID contains a valid year");
-  ok(month >= 1 && month <= 12, "appBuildID contains a valid month");
-  ok(day >= 1 && day <= 31, "appBuildID contains a valid day");
-});
-
-add_task(async function checkAdvancedDetails() {
-  info("Loading a bad cert page and verifying the main error and advanced details section");
-  for (let useFrame of [false, true]) {
-    let tab = await openErrorPage(BAD_CERT, useFrame);
-    let browser = tab.linkedBrowser;
-
-    let message = await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
-
-      let shortDescText = doc.getElementById("errorShortDescText");
-      info("Main error text: " + shortDescText.textContent);
-      ok(shortDescText.textContent.includes("expired.example.com"),
-         "Should list hostname in error message.");
-
-      let exceptionButton = doc.getElementById("exceptionDialogButton");
-      ok(!exceptionButton.disabled, "Exception button is not disabled by default.");
-
-      let advancedButton = doc.getElementById("advancedButton");
-      advancedButton.click();
-      let el = doc.getElementById("errorCode");
-      return { textContent: el.textContent, tagName: el.tagName };
-    });
-    is(message.textContent, "SEC_ERROR_EXPIRED_CERTIFICATE",
-       "Correct error message found");
-    is(message.tagName, "a", "Error message is a link");
-
-    message = await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let win = frame ? content.document.querySelector("iframe").contentWindow : content;
-      let doc = win.document;
-
-      let errorCode = doc.getElementById("errorCode");
-      errorCode.click();
-      let div = doc.getElementById("certificateErrorDebugInformation");
-      let text = doc.getElementById("certificateErrorText");
-
-      let serhelper = Cc["@mozilla.org/network/serialization-helper;1"]
-                       .getService(Ci.nsISerializationHelper);
-      let serializable =  win.docShell.failedChannel.securityInfo
-                                      .QueryInterface(Ci.nsITransportSecurityInfo)
-                                      .QueryInterface(Ci.nsISerializable);
-      let serializedSecurityInfo = serhelper.serializeToString(serializable);
-      return {
-        divDisplay: content.getComputedStyle(div).display,
-        text: text.textContent,
-        securityInfoAsString: serializedSecurityInfo,
-      };
-    });
-    isnot(message.divDisplay, "none", "Debug information is visible");
-    ok(message.text.includes(BAD_CERT), "Correct URL found");
-    ok(message.text.includes("Certificate has expired"),
-       "Correct error message found");
-    ok(message.text.includes("HTTP Strict Transport Security: false"),
-       "Correct HSTS value found");
-    ok(message.text.includes("HTTP Public Key Pinning: false"),
-       "Correct HPKP value found");
-    let certChain = getCertChain(message.securityInfoAsString);
-    ok(message.text.includes(certChain), "Found certificate chain");
-
-    BrowserTestUtils.removeTab(gBrowser.selectedTab);
-  }
-});
-
 add_task(async function checkhideAddExceptionButtonViaPref() {
   info("Loading a bad cert page and verifying the pref security.certerror.hideAddException");
   Services.prefs.setBoolPref("security.certerror.hideAddException", true);
 
   for (let useFrame of [false, true]) {
     let tab = await openErrorPage(BAD_CERT, useFrame);
     let browser = tab.linkedBrowser;
 
@@ -269,178 +152,8 @@ add_task(async function checkhideAddExce
   await ContentTask.spawn(browser, null, async function() {
     let doc = content.document.querySelector("iframe").contentDocument;
     let exceptionButton = doc.getElementById("exceptionDialogButton");
     ok(ContentTaskUtils.is_hidden(exceptionButton), "Exception button is hidden.");
   });
 
   BrowserTestUtils.removeTab(gBrowser.selectedTab);
 });
-
-add_task(async function checkAdvancedDetailsForHSTS() {
-  info("Loading a bad STS cert page and verifying the advanced details section");
-  for (let useFrame of [false, true]) {
-    let tab = await openErrorPage(BAD_STS_CERT, useFrame);
-    let browser = tab.linkedBrowser;
-
-    let message = await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
-
-      let advancedButton = doc.getElementById("advancedButton");
-      advancedButton.click();
-      let ec = doc.getElementById("errorCode");
-      let cdl = doc.getElementById("cert_domain_link");
-      return {
-        ecTextContent: ec.textContent,
-        ecTagName: ec.tagName,
-        cdlTextContent: cdl.textContent,
-        cdlTagName: cdl.tagName,
-      };
-    });
-
-    const badStsUri = Services.io.newURI(BAD_STS_CERT);
-    is(message.ecTextContent, "SSL_ERROR_BAD_CERT_DOMAIN",
-       "Correct error message found");
-    is(message.ecTagName, "a", "Error message is a link");
-    const url = badStsUri.prePath.slice(badStsUri.prePath.indexOf(".") + 1);
-    is(message.cdlTextContent, url,
-       "Correct cert_domain_link contents found");
-    is(message.cdlTagName, "a", "cert_domain_link is a link");
-
-    message = await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let win = frame ? content.document.querySelector("iframe").contentWindow : content;
-      let doc = win.document;
-
-      let errorCode = doc.getElementById("errorCode");
-      errorCode.click();
-      let div = doc.getElementById("certificateErrorDebugInformation");
-      let text = doc.getElementById("certificateErrorText");
-
-      let serhelper = Cc["@mozilla.org/network/serialization-helper;1"]
-                       .getService(Ci.nsISerializationHelper);
-      let serializable =  win.docShell.failedChannel.securityInfo
-                                      .QueryInterface(Ci.nsITransportSecurityInfo)
-                                      .QueryInterface(Ci.nsISerializable);
-      let serializedSecurityInfo = serhelper.serializeToString(serializable);
-      return {
-        divDisplay: content.getComputedStyle(div).display,
-        text: text.textContent,
-        securityInfoAsString: serializedSecurityInfo,
-      };
-    });
-    isnot(message.divDisplay, "none", "Debug information is visible");
-    ok(message.text.includes(badStsUri.spec), "Correct URL found");
-    ok(message.text.includes("requested domain name does not match the server\u2019s certificate"),
-       "Correct error message found");
-    ok(message.text.includes("HTTP Strict Transport Security: false"),
-       "Correct HSTS value found");
-    ok(message.text.includes("HTTP Public Key Pinning: true"),
-       "Correct HPKP value found");
-    let certChain = getCertChain(message.securityInfoAsString);
-    ok(message.text.includes(certChain), "Found certificate chain");
-
-    BrowserTestUtils.removeTab(gBrowser.selectedTab);
-  }
-});
-
-add_task(async function checkUnknownIssuerLearnMoreLink() {
-  info("Loading a cert error for self-signed pages and checking the correct link is shown");
-  for (let useFrame of [false, true]) {
-    let tab = await openErrorPage(UNKNOWN_ISSUER, useFrame);
-    let browser = tab.linkedBrowser;
-
-    let href = await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
-      let learnMoreLink = doc.getElementById("learnMoreLink");
-      return learnMoreLink.href;
-    });
-    ok(href.endsWith("security-error"), "security-error in the Learn More URL");
-
-    BrowserTestUtils.removeTab(gBrowser.selectedTab);
-  }
-});
-
-add_task(async function checkCautionClass() {
-  Services.prefs.setBoolPref(PREF_NEW_CERT_ERRORS, true);
-  info("Checking that are potentially more dangerous get a 'caution' class");
-  for (let useFrame of [false, true]) {
-    let tab = await openErrorPage(UNKNOWN_ISSUER, useFrame);
-    let browser = tab.linkedBrowser;
-
-    await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
-      is(doc.body.classList.contains("caution"), !frame, `Cert error body has ${frame ? "no" : ""} caution class`);
-    });
-
-    BrowserTestUtils.removeTab(gBrowser.selectedTab);
-
-    tab = await openErrorPage(BAD_STS_CERT, useFrame);
-    browser = tab.linkedBrowser;
-
-    await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
-      ok(!doc.body.classList.contains("caution"), "Cert error body has no caution class");
-    });
-
-    BrowserTestUtils.removeTab(gBrowser.selectedTab);
-  }
-  Services.prefs.clearUserPref(PREF_NEW_CERT_ERRORS);
-});
-
-add_task(async function checkViewCertificate() {
-  Services.prefs.setBoolPref(PREF_NEW_CERT_ERRORS, true);
-  info("Loading a cert error and checking that the certificate can be shown.");
-  for (let useFrame of [false, true]) {
-    let tab = await openErrorPage(UNKNOWN_ISSUER, useFrame);
-    let browser = tab.linkedBrowser;
-
-    let dialogOpened = BrowserTestUtils.domWindowOpened();
-
-    await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
-      let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
-      let viewCertificate = doc.getElementById("viewCertificate");
-      viewCertificate.click();
-    });
-
-    let win = await dialogOpened;
-    await BrowserTestUtils.waitForEvent(win, "load");
-    is(win.document.documentURI, "chrome://pippki/content/certViewer.xul",
-      "Opened the cert viewer dialog");
-    is(win.document.getElementById("commonname").value, "self-signed.example.com",
-      "Shows the correct certificate in the dialog");
-    win.close();
-
-    BrowserTestUtils.removeTab(gBrowser.selectedTab);
-  }
-  Services.prefs.clearUserPref(PREF_NEW_CERT_ERRORS);
-});
-
-function getCertChain(securityInfoAsString) {
-  let certChain = "";
-  const serhelper = Cc["@mozilla.org/network/serialization-helper;1"]
-                       .getService(Ci.nsISerializationHelper);
-  let securityInfo = serhelper.deserializeObject(securityInfoAsString);
-  securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
-  for (let cert of securityInfo.failedCertChain.getEnumerator()) {
-    certChain += getPEMString(cert);
-  }
-  return certChain;
-}
-
-function getDERString(cert) {
-  var length = {};
-  var derArray = cert.getRawDER(length);
-  var derString = "";
-  for (var i = 0; i < derArray.length; i++) {
-    derString += String.fromCharCode(derArray[i]);
-  }
-  return derString;
-}
-
-function getPEMString(cert) {
-  var derb64 = btoa(getDERString(cert));
-  // Wrap the Base64 string into lines of 64 characters,
-  // with CRLF line breaks (as specified in RFC 1421).
-  var wrapped = derb64.replace(/(\S{64}(?!$))/g, "$1\r\n");
-  return "-----BEGIN CERTIFICATE-----\r\n"
-         + wrapped
-         + "\r\n-----END CERTIFICATE-----\r\n";
-}
--- a/browser/base/content/test/about/head.js
+++ b/browser/base/content/test/about/head.js
@@ -1,14 +1,51 @@
 /* eslint-env mozilla/frame-script */
 
 XPCOMUtils.defineLazyModuleGetters(this, {
   FormHistory: "resource://gre/modules/FormHistory.jsm",
 });
 
+function getSecurityInfo(securityInfoAsString) {
+  const serhelper = Cc["@mozilla.org/network/serialization-helper;1"]
+                       .getService(Ci.nsISerializationHelper);
+  let securityInfo = serhelper.deserializeObject(securityInfoAsString);
+  securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
+  return securityInfo;
+}
+
+function getCertChain(securityInfoAsString) {
+  let certChain = "";
+  let securityInfo = getSecurityInfo(securityInfoAsString);
+  for (let cert of securityInfo.failedCertChain.getEnumerator()) {
+    certChain += getPEMString(cert);
+  }
+  return certChain;
+}
+
+function getDERString(cert) {
+  var length = {};
+  var derArray = cert.getRawDER(length);
+  var derString = "";
+  for (var i = 0; i < derArray.length; i++) {
+    derString += String.fromCharCode(derArray[i]);
+  }
+  return derString;
+}
+
+function getPEMString(cert) {
+  var derb64 = btoa(getDERString(cert));
+  // Wrap the Base64 string into lines of 64 characters,
+  // with CRLF line breaks (as specified in RFC 1421).
+  var wrapped = derb64.replace(/(\S{64}(?!$))/g, "$1\r\n");
+  return "-----BEGIN CERTIFICATE-----\r\n"
+         + wrapped
+         + "\r\n-----END CERTIFICATE-----\r\n";
+}
+
 function injectErrorPageFrame(tab, src) {
   return ContentTask.spawn(tab.linkedBrowser, {frameSrc: src}, async function({frameSrc}) {
     let loaded = ContentTaskUtils.waitForEvent(content.wrappedJSObject, "DOMFrameContentLoaded");
     let iframe = content.document.createElement("iframe");
     iframe.src = frameSrc;
     content.document.body.appendChild(iframe);
     await loaded;
     // We will have race conditions when accessing the frame content after setting a src,